Vulnerabilities > IBM > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-01-31 | CVE-2019-4720 | Allocation of Resources Without Limits or Throttling vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. | network | low complexity | ibm | CWE-770 | 7.5 |
| 2020-01-28 | CVE-2019-4707 | XXE vulnerability in IBM Security Access Manager 9.0.7.0 | IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | network | low complexity | ibm | CWE-611 | 7.1 |
| 2020-01-28 | CVE-2019-4639 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Security Secret Server 10.6/10.7 | IBM Security Secret Server 10.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-327 | 7.5 |
| 2020-01-28 | CVE-2019-4620 | Improper Input Validation vulnerability in IBM MQ Appliance | IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. | local | low complexity | ibm | CWE-20 | 7.8 |
| 2020-01-10 | CVE-2019-4508 | Insufficiently Protected Credentials vulnerability in IBM QRadar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 | IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. | local | low complexity | ibm | CWE-522 | 7.8 |
| 2019-12-20 | CVE-2018-1934 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Business Intelligence 10.2.2 | IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network | low complexity | ibm | CWE-352 | 8.8 |
| 2019-12-18 | CVE-2019-4609 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM API Connect 2018.4.1.7 | IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | network | low complexity | ibm | CWE-327 | 7.5 |
| 2019-12-12 | CVE-2019-4606 | Untrusted Search Path vulnerability in IBM DB2 High Performance Unload Load | IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. | local | low complexity | ibm | CWE-426 | 7.8 |
| 2019-12-11 | CVE-2019-4715 | OS Command Injection vulnerability in IBM Spectrum Scale | IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. | network | low complexity | ibm | CWE-78 | 8.8 |
| 2019-12-09 | CVE-2019-4612 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Planning Analytics 2.0 | IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. | network | low complexity | ibm | CWE-434 | 8.8 |